Packages changed:
  MozillaFirefox-branding-openSUSE
  MozillaThunderbird (45.1.1 -> 45.2)
  accountsservice (0.6.40 -> 0.6.42)
  alsa-tools
  apache2 (2.4.20 -> 2.4.23)
  build (20160427 -> 20160629)
  cmake (3.5.2 -> 3.6.0)
  coreutils
  ethtool (4.5 -> 4.6)
  expat (2.1.1 -> 2.2.0)
  flex
  fontconfig (2.11.1 -> 2.12.0)
  git (2.9.0 -> 2.9.2)
  gnome-control-center
  gnome-online-accounts (3.20.1 -> 3.20.2)
  gnome-software (3.20.3 -> 3.20.4)
  gnome-sudoku (3.20.2 -> 3.20.4)
  gnutls (3.4.13 -> 3.4.14)
  gspell (1.0.2 -> 1.0.3)
  gstreamer-plugins-bad
  gvfs
  installation-images-openSUSE (14.254 -> 14.258)
  kernel-source (4.6.3 -> 4.6.4)
  libdiscid
  libmnl (1.0.3 -> 1.0.4)
  libselinux (2.3 -> 2.5)
  libsepol (2.3 -> 2.5)
  perl-Carp-Clan (6.04 -> 6.06)
  perl-DateTime-TimeZone (2.00 -> 2.01)
  perl-YAML (1.17 -> 1.18)
  pidgin-sipe (1.20.1 -> 1.21.1)
  python-ipaddress (1.0.14 -> 1.0.16)
  systemd-presets-branding-openSUSE
  thin-provisioning-tools (0.6.1 -> 0.6.2)
  tiff
  util-linux
  util-linux-systemd
  xiterm
  yast2-bootloader (3.1.197 -> 3.1.198)
  yast2-network (3.1.158 -> 3.1.159)

=== Details ===

==== MozillaFirefox-branding-openSUSE ====

- Identify the different Leap versions correctly (up to Leap 42.2)
  (boo#987969).

==== MozillaThunderbird ====
Version update (45.1.1 -> 45.2)
Subpackages: MozillaThunderbird-translations-common

- update to Thunderbird 45.2 (boo#983549)
  Security fixes:
  * CVE-2016-2818, CVE-2016-2815: Memory safety bugs (MFSA2016-49)
- drop mozilla-flexible-array-member-in-union.patch, upstream

==== accountsservice ====
Version update (0.6.40 -> 0.6.42)
Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0

- Remove pkgconfig(libsystemd-daemon). Nowadays pkgconfig(libsystemd)
  is enough and replaces all libsystemd-* libs which are obsolete.
- Update to version 0.6.42:
  + Wtmp fixes on solaris.
  + Allow a user to change his own data even if he's remote.
  + Add way to set password hint independent of password.
  + Conform to modern systemd library naming scheme.
  + Disable GVFS support in service, since it's not needed and has
    bad side effects.
- Replace pkgconfig(libsystemd-login) for pkgconfig(libsystemd)
  BuildRequires following upstream changes.

==== alsa-tools ====

- Upstream fix for gcc6 compile error on ppc:
  0001-gcc6-narrowing-error.patch

==== apache2 ====
Version update (2.4.20 -> 2.4.23)
Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils

- add httpd-2.4.x-fate317766-config-control-two-protocol-options.diff
  Introduces directives to control two protocol options:
  * HttpContentLengthHeadZero - allow Content-Length of 0 to be
    returned on HEAD
  * HttpExpectStrict - allow admin to control whether we must
    see "100-continue"
  [bsc#894225], [fate#317766]
- version 2.4.23
  * Fixes CVE-2016-4979 [bsc#987365]
  * mod_proxy_hcheck was missing due to upstream bug.
  * mod_proxy_fdpass needs explicit configure line now.
  * Full list of changes:
  http://www-eu.apache.org/dist//httpd/CHANGES_2.4.23

==== build ====
Version update (20160427 -> 20160629)
Subpackages: build-mkbaselibs build-mkdrpms

- adding first snapcraft support

==== cmake ====
Version update (3.5.2 -> 3.6.0)

- While upstreaming cmake-version-in-generated-files.patch, the
  CMake developer Brad King reduced the patch
- Remove PIE from macros
- update to CMake 3.6.0
  * The ?list()? command gained a ?FILTER? sub-command to filter
    list elements by regular expression.
  * A ?CMAKE_TRY_COMPILE_TARGET_TYPE? variable was added to optionally
    tell the ?try_compile()? command to build a static library instead
    of an executable.
  * A ?<LANG>_CLANG_TIDY? target property and supporting
    ?CMAKE_<LANG>_CLANG_TIDY? variable were introduced to tell the
    Makefile Generators and the ?Ninja? generator to run ?clang-tidy?
    along with the compiler for ?C? and ?CXX? languages.
  * The ?ExternalProject? module leared the ?GIT_SHALLOW 1? option to
    perform a shallow clone of a Git repository.
  * The ?ExternalProject? module learned to initialize Git submodules
    recursively and also to initialize new submodules on updates.
  * The ?InstallRequiredSystemLibraries? module learned a new
    ?CMAKE_INSTALL_UCRT_LIBRARIES? option to enable app-local deployment
    of the Windows Universal CRT libraries with Visual Studio 2015.
  * The ?Compile Features? functionality is now aware of features
    supported by Intel C++ compilers versions 12.1 through 16.0 on UNIX
    platforms.
  * The ?CMakeForceCompiler? module and its macros are now deprecated.
  full changelog: https://blog.kitware.com/cmake-3-6-0-available-for-download/
- drop patch libarchive-version.patch which is included upstream
- update patch cmake-version-in-generated-files.patch

==== coreutils ====

- coreutils-diagnose-fts-readdir-failure.patch: Add upstream patch
  to diagnose readdir() failures in fts-based utilities: rm, chmod,
  du, etc. (boo#984910)

==== ethtool ====
Version update (4.5 -> 4.6)

- Update to new upstream release 4.6
  * Feature: Support register dump on Intel X550 NICs (-d option)
  * Fix: Correct some reported register offsets on Intel 10GbE NICs
    (-d option)
  * Feature: Add IPv6 support to NFC (-n, -N, -u and -U options)
  * Feature: Add support for ETHTOOL_xLINKSETTINGS ioctls (no
    option and -s option)
  * Feature: Use netlink socket when AF_INET not available

==== expat ====
Version update (2.1.1 -> 2.2.0)
Subpackages: libexpat-devel libexpat1 libexpat1-32bit

- Version update to 2.2.0:
  * Various cmake and autotools script updates
  * Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
  * expat-2.1.1-avoid_relying_on_undef_behaviour.patch
  * expat-2.1.1-parser_crashes_on_malformed_input.patch
  * expat-alloc-size.patch
  * expat-visibility.patch

==== flex ====

- Small spec file cleanup

==== fontconfig ====
Version update (2.11.1 -> 2.12.0)
Subpackages: fontconfig-32bit fontconfig-devel

- Update to version 2.12.0:
  + Support the size specific design selection in OS/2 table
    version 5.
  + Allow the modification on 'lang' and 'charset' objects.
  + Increase the refcount in FcConfigSetCurrent().
  + some updates in orth files.
  + Add --error-on-no-fonts option to fc-cache.
  + Use lang=und instead of lang=xx for "undetermined".
  + Add FC_WEIGHT_DEMILIGHT and change from 65 to 55.
  + Add FC_COLOR.
  + Treat color fonts as scalable.
  + no FC_LANG added with FcConfigSubstitute() when it has "und".
  + Hardcode blanks in library.
  + Support symbol fonts.
  + Unicode 8.0 support.
  + Add hintstyle templates and default hintslight.
  + GX font support.
  + Improve the footprint issue on updating caches.
  + Bump the cache version to 6.
  + more bug fixes.

==== git ====
Version update (2.9.0 -> 2.9.2)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- git 2.9.2:
  * fix test suite failues with 64 bit timestamps
- git 2.9.1:
  * socket-level KEEPALIVE for git daemon
  * Various compatible workflow and UI fixes
  * Various optimisations and documentation updates
  * Fix regression in v2.9 affecting "clone --depth"

==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces

- Drop pkgconfig(libsystemd-login) BuildRequires: this dependency
  has ot been in use since version 3.7.4.

==== gnome-online-accounts ====
Version update (3.20.1 -> 3.20.2)
Subpackages: gnome-online-accounts-devel libgoa-1_0-0 libgoa-backend-1_0-1 typelib-1_0-Goa-1_0

- Update to version 3.20.2:
  + lastfm: Don't forget to update the ret variable (bgo#760991).
  + Misc usability improvements to the imap-smtp provider
    (bgo#764283).
  + org.gnome.OnlineAccounts.Account:IsTemporary is not being set
    (bgo#765994).
  + Updated translations.

==== gnome-software ====
Version update (3.20.3 -> 3.20.4)

- Update to version 3.20.4:
  + Always show the 'MyLanguage' kudo when in en_US locale.
  + Disable app folders feature when run outside GNOME.
  + Fix an issue with launching Epiphany web-apps.
  + Fix a number of issues with Fedora system upgrades.
  + Fix a possible crash when download-updates setting is changed.
  + Improve styling of software reviews and kudos.
  + Make the app folder dialog work again.
  + Support launching appstream://id.
  + Updated translations.
- Drop gnome-software-fix-app-folders.patch: Fixed upstream.

==== gnome-sudoku ====
Version update (3.20.2 -> 3.20.4)

- Update to version 3.20.4:
  + Avoid accidental use of C++ 11.
- Update to version 3.20.3:
  + Seed the RNG so we actually get different puzzles each run.

==== gnutls ====
Version update (3.4.13 -> 3.4.14)
Subpackages: libgnutls-dane0 libgnutls-devel libgnutls-openssl27 libgnutls30 libgnutls30-32bit

- GnuTLS 3.4.14:
  * libgnutls: Address issue when utilizing the p11-kit trust store
    for certificate verification (GNUTLS-SA-2016-2, boo#988276)
  * libgnutls: Fixed DTLS handshake packet reconstruction.
  * libgnutls: Fixed issues with PKCS#11 reading of sensitive
    objects from SafeNet Network HSM
  * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER
- drop upstreamed
  0001-tests-use-datefudge-in-name-constraints-test.patch

==== gspell ====
Version update (1.0.2 -> 1.0.3)

- Update to version 1.0.3:
  + Inline checker: fix constant redrawing of the GtkTextView when
    the current word is not checked.
  + Updated translations.

==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0

- Really disable wayland support on SLE12.

==== gvfs ====
Subpackages: gvfs-backend-afc gvfs-backends gvfs-fuse

- Replace pkgconfig(libsystemd-login) with pkgconfig(libsystemd):
  Nowadays pkgconfig(libsystemd) replaces all libsystemd-* libs,
  which are obsolete.
- Fix "gvfs-smb timeout by message bus issue" (bsc#983992):
  + Add %glib2_gsettings_schema_require to preamble.
  + Add %glib2_gsettings_schema_post/postun to respective scripts
    of -backend-samba subpackage.

==== installation-images-openSUSE ====
Version update (14.254 -> 14.258)

- don't include wpa_supplicant for s390x (bsc#974601)
- documented common_tree script
- load only an exactly matching inst-sys (bsc#974601)
- reduce instsys size by removing files already in initrd
- 14.258
- Adjust the OOM killers score for haveged (bsc#974601)
- 14.257
- remove obsolete firmwarekit from BuildRequires
- Drop some unused packages from the root image (bsc#974601)
- yast2-devtools
- yast2-buildtools
- perl-Bootloader
- perl-XML-Parser
- perl-XML-Simple
- 14.256
- set EGL_LOG_LEVEL=0 to stop some libELG warning (bsc#976374, bsc#970883)
- 14.255
- Add missing xen-tools-domU to BuildRequires (bsc#979002)

==== kernel-source ====
Version update (4.6.3 -> 4.6.4)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.6.4 (bnc#982729).
- Delete
  patches.drivers/0001-Subject-PATCH-USB-xhci-Add-broken-streams-quirk-for-.patch.
- commit 103c936
- apparmor: fix oops, validate buffer size in
  apparmor_setprocattr() (CVE-2016-6187,bsc#988307).
- commit fbe379c
- Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch
  (bsc#986570 CVE-2016-1237).
- Update
  patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch
  (bsc#986570 CVE-2016-1237).
- commit 789949d
- Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch
  (bsc#986570 CVE#2016-1237).
- Update
  patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch
  (bsc#986570 CVE#2016-1237).
- commit 10c8c01
- nfsd: check permissions when setting ACLs (bsc#986570).
- posix_acl: Add set_posix_acl (bsc#986570).
- commit 2763888
- Update patches.kernel.org/patch-4.6.2-3 (add CVE-2016-4997 bsc#986362).
- commit fbd108c

==== libdiscid ====

- Remove useless --with-pic (it's for unbuilt static libs).
  Remove redundant %clean.
- Remove nonsense provide, it is not requested by debuginfo.

==== libmnl ====
Version update (1.0.3 -> 1.0.4)

- Update to new upstream release 1.0.4
  * Improvements in the netlink message printing function,
  attribute validation for MNL_TYPE_MSEC and MNL_TYPE_U64, clang
  compilation fixes, the new mnl_socket_open2() and
  mnl_socket_fdopen() functions, missing handling for
  NLM_F_DUMP_INTR and documentation updates.

==== libselinux ====
Version update (2.3 -> 2.5)
Subpackages: libselinux-devel libselinux1 libselinux1-32bit

- Adjusted source link
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
  * swig-3.10 in Factory use importlib instead of imp to find
    _selinux.so. imp searched the same directory as __init__.py
    is while importlib searchs only standard paths. so we have
    to move _selinux.so. fixed by upstream
- update version 2.5
  * Add selinux_restorecon function
  * read_spec_entry: fail on non-ascii
  * Add man information about thread specific functions
  * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
  * Correct line count for property and service context files
  * label_file: fix memory leaks and uninitialized jump
  * Replace selabel_digest hash function
  * Fix selabel_open(3) services if no digest requested
  * Add selabel_digest function
  * Flush the class/perm string mapping cache on policy reload
  * Fix restorecon when path has no context
  * Free memory when processing media and x specfiles
  * Fix mmap memory release for file labeling
  * Add policy context validation to sefcontext_compile
  * Do not treat an empty file_contexts(.local) as an error
  * Fail hard on invalid property_contexts entries
  * Fail hard on invalid file_contexts entries
  * Support context validation on file_contexts.bin
  * Add selabel_cmp interface and label_file backend
  * Support specifying file_contexts.bin file path
  * Support file_contexts.bin without file_contexts
  * Simplify procattr cache
  * Use /proc/thread-self when available
  * Add const to selinux_opt for label backends
  * Fix binary file labels for regexes with metachars
  * Fix file labels for regexes with metachars
  * Fix if file_contexts not '\n' terminated
  * Enhance file context support
  * Fix property processing and cleanup formatting
  * Add read_spec_entries function to replace sscanf
  * Support consistent mode size for bin files
  * Fix more bin file processing core dumps
  * add selinux_openssh_contexts_path()
  * setrans_client: minimize overhead when mcstransd is not present
  * Ensure selabel_lookup_best_match links NULL terminated
  * Fix core dumps with corrupt *.bin files
  * Add selabel partial and best match APIs
  * Use os.walk() instead of the deprecated os.path.walk()
  * Remove deprecated mudflap option
  * Mount procfs before checking /proc/filesystems
  * Fix -Wformat errors with gcc-5.0.0
  * label_file:  handle newlines in file names
  * Fix audit2why error handling if SELinux is disabled
  * pcre_study can return NULL without error
  * Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
  * Fix bugs found by hardened gcc flags
  * Set the system to permissive if failing to disable SELinux because
    policy has already been loaded
  * Add db_exception and db_datatype support to label_db backend
  * Log an error on unknown classes and permissions
  * Add pcre version string to the compiled file_contexts format
  * Deprecate use of flask.h and av_permissions.h
  * Compiled file_context files and the original should have the same DAC
    permissions
- fixed selinux-ready to work with initrd files created by dracut (bsc#940006)

==== libsepol ====
Version update (2.3 -> 2.5)
Subpackages: libsepol-devel libsepol1

- Cleanup spec file with spec-cleaner
- Make spec file a bit more easy
- Ship new supbackage (-tools)
- Without bug number no submit to SLE 12 SP2 is possible, so to make
  sle-changelog-checker happy: bsc#988977
- Adjusted source link
- update version 2.5
  * Fix unused variable annotations
  * Fix uninitialized variable in CIL
  * Validate extended avrules and permissionxs in CIL
  * Add support in CIL for neverallowx
  * Fully expand neverallowxperm rules
  * Add support for unordered classes to CIL
  * Add neverallow support for ioctl extended permissions
  * Improve CIL block and macro call recursion detection
  * Fix CIL uninitialized false positive in cil_binary
  * Provide error in CIL if classperms are empty
  * Add userattribute{set} functionality to CIL
  * fix CIL blockinherit copying segfault and add macro restrictions
  * fix CIL NULL pointer dereference when copying classpermission/set
  * Add CIL support for ioctl whitelists
  * Fix memory leak when destroying avtab
  * Replace sscanf in module_to_cil
  * Improve CIL resolution error messages
  * Fix policydb_read for policy versions < 24
  * Added CIL bounds checking and refactored CIL Neverallow checking
  * Refactored libsepol Neverallow and bounds (hierarchy) checking
  * Treat types like an attribute in the attr_type_map
  * Add new ebitmap function named ebitmap_match_any()
  * switch operations to extended perms
  * Write auditadm_r and secadm_r roles to base module when writing CIL
  * Fix module to CIL to only associate declared roleattributes with in-scope types
  * Don't allow categories/sensitivities inside blocks in CIL
  * Replace fmemopen() with internal function in libsepol
  * Verify users prior to evaluating users in cil
  * Binary modules do not support ioctl rules
  * Add support for ioctl command whitelisting
  * Don't use symbol versioning for static object files
  * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(),
    and sepol_ppfile_to_module_package()
  * Move secilc out of libsepol
  * fix building Xen policy with devicetreecon, and add devicetreecon
    CIL documentation
  * bool_copy_callback set state on creation
  * Add device tree ocontext nodes to Xen policy
  * Widen Xen IOMEM context entries
  * Fix error path in mls_semantic_level_expand()
  * Update to latest CIL, includes new name resolution and fixes ordering
    issues with blockinherit statements, and bug fixes
- changes in 2.4
  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
  * Fix bugs found by hardened gcc flags
  * Build CIL into libsepol. libsepol can be built without CIL by setting the
    DISABLE_CIL flag to 'y'
  * Add an API function to set target_platform
  * Report all neverallow violations
  * Improve check_assertions performance
  * Allow libsepol C++ static library on device

==== perl-Carp-Clan ====
Version update (6.04 -> 6.06)

- updated to 6.06
  see /usr/share/doc/packages/perl-Carp-Clan/Changes
  Version 6.06  29.05.2016
  + Avoid failure due to version self-check in 20pre560.t
    This test seems like a footgun for release management reasons, but apprently
    I wasn't quite as careful as I tried to be in keeping the last release minimal.
  Version 6.05  29.05.2016
  + Patch tests failing due to 5.25.1+'s deprecated unquoted { } in regex.
    (RT #114537)

==== perl-DateTime-TimeZone ====
Version update (2.00 -> 2.01)

- updated to 2.01
  see /usr/share/doc/packages/perl-DateTime-TimeZone/Changes
  2.01    2016-07-17
  - This release is based on version 2016f of the Olson database. This release
    includes contemporary changes for Egypt and Russia. The changes for Egypt
    supersede the ones in 2016e.

==== perl-YAML ====
Version update (1.17 -> 1.18)

- updated to 1.18
  see /usr/share/doc/packages/perl-YAML/Changes
  1.18 Fri Jul  8 14:52:26 UTC 2016
  - Apply PR/161 @perlpunk++

==== pidgin-sipe ====
Version update (1.20.1 -> 1.21.1)
Subpackages: libpurple-plugin-sipe

- Version update to 1.21.1:
  * various bug fixes in media support
  * configure no longer ignores CFLAGS/LDFLAGS/LIBS
- Drop telepathy conditionals as we don't build on sle11 anyway
- Move the docs from library to main package to allow multiple versions
  at once as SLP wants

==== python-ipaddress ====
Version update (1.0.14 -> 1.0.16)

- Update to 1.0.16:
  * include license
  * Customize warning when bytes are passed in

==== systemd-presets-branding-openSUSE ====

- enable vmblock-fuse service for VMWare by default (bsc#986277)

==== thin-provisioning-tools ====
Version update (0.6.1 -> 0.6.2)

- Update to version 0.6.2:
  * Fix bug in thin_delta
  * Fix recent regression in thin_repair.
  * Force g++-98 dialect
  * Fix bug in thin_trim

==== tiff ====
Subpackages: libtiff-devel libtiff5 libtiff5-32bit

- Added patches:
  * tiff-4.0.6-libtiff-tif_luv.c-validate-that-for-COMPRESSION_SGIL.patch
  * tiff-4.0.6-libtiff-tif_pixarlog.c-fix-potential-buffer-write-ov.patch
  * tiff-4.0.6-libtiff-tif_read.c-make-TIFFReadEncodedStrip-and.patch
  - Upstream commits to fix CVE-2016-5314 [bsc#984831],
    CVE-2016-5316 [bsc#984837], CVE-2016-5317 [bsc#984842],
    CVE-2016-5320 [bsc#984808] and CVE-2016-5875 [bsc#987351]

==== util-linux ====
Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit

- BuildIgnore util-linux: it's part of VMInstall, hence part of
  every package build. util-linux itself can be built without its
  own presence though. Helps with some rare bootstrap issues (when
  librtas changes soname for example).
- Drop usage of gpg-offline: this has long been migrated to a
  source service that checks signatures on checkin already (osc
  service lr source_validatory).

==== util-linux-systemd ====

- BuildIgnore util-linux: it's part of VMInstall, hence part of
  every package build. util-linux itself can be built without its
  own presence though. Helps with some rare bootstrap issues (when
  librtas changes soname for example).
- Drop usage of gpg-offline: this has long been migrated to a
  source service that checks signatures on checkin already (osc
  service lr source_validatory).

==== xiterm ====
Subpackages: fbiterm gtkiterm libiterm1

- implict-ptsname-decl.patch: fix implicit declaration of ptsname with
  glibc >= 2.24

==== yast2-bootloader ====
Version update (3.1.197 -> 3.1.198)

- fix writing default boot entry when it is located in grub2
  submenu (bnc#986005)
- 3.1.198

==== yast2-network ====
Version update (3.1.158 -> 3.1.159)

- Added entry "dhclient_set_hostname" to the AutoYaST schema file.
  Bug similar bnc#954412.
- 3.1.159